Sunday, May 12, 2013

Almost two years ago, I posted "Phishing for Jews, Part I" about a scam in which the traditional false email of "I'm out of money overseas" is made more credible by adding, "I would appreciate whatever you can help with , promise to refund you right as soon as I'm back home in a couple of days Be'H."

On Sunday I received a next-generation Jew Phish, an email with the following text at the bottom, looking for all the world like a standard Gmail attachment (I have neutralized the dangerous links here):

Looks just like there is an attachment - and it is designed to attract a member of the Jewish community, with that heading.

I was suspicious, so I checked the "view" and "download" links before clicking. Sure enough, they would not have led to a document at all. As I soon found out from others who had clicked, following the link would have taken the reader to a website where he would have been asked to sign into his Gmail account - entering his login and password - in order to read the supposed attachment.

Someone is looking to snare members of the tribe by using tribe-specific bait, it seems. I wonder if it's going on among other ethnicities as well.

If you receive an email like this, delete it immediately, do not pass Go, do not collect $200. And if you clicked on it and logged in, then it's time to flush your email account - new password, check the auto-forward settings and password recovery options to ensure they haven't been altered, and turn on two-step sign-in authentication...